Ask Wireshark - RSS feed
https://ask.wireshark.org/questions/
Wireshark questions and answers
Copyright Wireshark Foundation, 2017-2020
Thu, 04 Jan 2018 08:20:54 +0000

Detect network issue
https://ask.wireshark.org/question/1142/detect-network-issue/

Hi all. I'm quite new to networking and am facing a SharePoint application performance issue which I think might be related to the network.
Currently, the topology is as below:
**Client <-> Proxy server <-> App server <-> Database**
The issue is that users **sometimes** see long loading times, which can take more than 30s. To detect the root cause, we run Wireshark on the Proxy and App server. However, because I'm new to networking, when looking at the log records, I don't know how to identify requests which take a long time to get a response, or which can cause the long loading issue. I tried the **http.time** filter as well as **TCP delta time** but I'm not sure if they're the correct things to follow. As far as I understand, for the connections between Client <-> Proxy and Proxy <-> App I should look for HTTP requests; and between App <-> Database I should look for TCP requests since there's no HTTP here. If there's a request which takes a high response time from Proxy -> Client, it might be due to the high response time of a subsequent request between Proxy <-> App <-> Database. Is it correct?
I'd very much appreciate it if you guys could instruct me how to investigate the logs in the correct way.

Thu, 04 Jan 2018 06:25:37 +0000

Comment by sindy:
https://ask.wireshark.org/question/1142/detect-network-issue/?comment=1143#post-id-1143

Application protocols which use TCP as their transport layer (such as HTTP) usually reuse the same TCP session for multiple request/response exchanges. If Wireshark has a dissector for the application protocol, it can identify the relationship between a request and its response and show the time distance between them. If it doesn't, it requires some reverse engineering of the application protocol to identify requests and responses. TCP delta time may or may not help here depending on how many threads communicate using the same TCP session. I.e. if a new request may be sent before the previous one has been responded to, you cannot use TCP delta time to identify late answers, and you have to find the identifier token which that application protocol uses to pair requests to responses.
A wild guess - are we talking about virtual servers here?

Thu, 04 Jan 2018 08:20:54 +0000